Password Managers

What is a Password Manager and Why do I need one?

LastPass is a password manager. It helps you be more secure by making it easy to use a different password for every Web site.

  • LastPass uses: AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
  • User data is encrypted and decrypted locally at the device level. Data stored in the vault is kept secret, even from LastPass.
  • The user’s master password, and the keys used to locally encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.
  • When adding a new Web site, make sure to turn off AutoFill
  • LastPass Configuration
    • On the Login screen: Uncheck “Remember Email”
    • On the Login screen: Uncheck “Show My LastPass Vault After Login”
    • Under: Preferences > General: enable “Automatically Logoff when all browsers are closed for (mins)” and set the time to 1 min
    • Equivalent Domains: These are different domains that belong to the same entity. Also some Web sites my switch to a different domain for authentication.
      • Go to: My Vault > Account Settings > Equivalent Domains
      • Some “Equivalent Domains” to add to LastPass are:
        • comptia.org, certmetrics.com
        • nysed.gov, ny.gov
        • nycboe.net, nycenet.edu
        • apple.com, icloud.com, itunes.com
    • Make sure to:
      1. Export your encrypted LastPass Vault data on a regular basis: Tools > Export To > LastPass Encrypted File
      2. Download and keep a copy of the current LastPass executable. This will allow you access your exported data, if LastPass.com is not available or you don’t have Internet access.
  • SecurityNow! Episode #256: In-depth review and evaluation of LastPass (00:52:28 – 01:53:00). [Show Notes]
  • Review: LastPass password manager (thetechherald.com)
  • LastPass Review & Rating (PCMag.com)
  • Why use LastPass? (Kinetal IT) (Note: When you’re using LastPass, never save passwords in the Web browser!)
  • Wikipedia Article on LastPass

Leave a Comment